General Guidelines And Restrictions; Configuration Task List - HPE FlexNetwork 10500 Series Security Configuration Manual

In this mode, the port performs 802.1X authentication first. By default, if 802.1X authentication fails, MAC authentication is performed.

However, the port in this mode processes authentication differently when the following conditions exist:
- The port is enabled with parallel processing of MAC authentication and 802.1X authentication.
- The port performs MAC-based access control for 802.1X authentication.
- The port is enabled with the 802.1X unicast trigger.
- The port receives a packet from an unknown MAC address.

Under such conditions, the port sends a unicast EAP-Request/Identity packet to the MAC address to initiate 802.1X authentication. After that, the port immediately processes MAC authentication without waiting for the 802.1X authentication result.

macAddressOrUserLoginSecureExt.
This mode is similar to the macAddressOrUserLoginSecure mode, except that this mode supports multiple 802.1X and MAC authentication users.

macAddressElseUserLoginSecure.
This mode is the combination of the macAddressWithRadius and userLoginSecure modes, with MAC authentication having a higher priority, as the Else keyword implies. The mode allows one 802.1X authentication user and multiple MAC authentication users to log in.
In this mode, the port performs MAC authentication upon receiving non-802.1X frames. Upon receiving 802.1X frames, the port performs MAC authentication and then, if the authentication fails, 802.1X authentication.

macAddressElseUserLoginSecureExt.
This mode is similar to the macAddressElseUserLoginSecure mode, except that this mode supports multiple 802.1X and MAC authentication users, as the Ext keyword implies.

General guidelines and restrictions

When you configure port security, follow these restrictions and guidelines:
- Do not configure port security and EVB on the same port. For information about EVB, see EVB Configuration Guide.
- A Layer 2 Ethernet interface supports all port security settings in this chapter. A Layer 2 aggregate interface does not support the following port security settings:
  - The port security mode of autolearn, secure, or userlogin-withoui.
  - The secure MAC address configuration.
- After a Layer 2 Ethernet interface is added to an aggregation group, the port security configuration on the port does not take effect.
- Do not delete a Layer 2 aggregate interface if the interface has online 802.1X or MAC authentication users.

In this chapter, the term "port" refers to a Layer 2 Ethernet interface or a Layer 2 aggregate interface.
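
The restrictions above can be checked mechanically against a saved configuration. The following is an added example, not HPE's code and not part of the manual; it assumes Comware-style command spellings (port-security port-mode, port-security mac-address security, port link-aggregation group, evb enable) and the Bridge-Aggregation interface name, none of which appear on this page, and it runs on a constructed sample.

```python
# Modes the page lists as unsupported on a Layer 2 aggregate interface.
AGG_UNSUPPORTED_MODES = {"autolearn", "secure", "userlogin-withoui"}

# Constructed sample; command spellings are assumed Comware CLI, not from the page.
SAMPLE_CONFIG = """\
interface Bridge-Aggregation1
 port-security port-mode autolearn
 port-security mac-address security 0000-1111-2222 vlan 10
#
interface Ten-GigabitEthernet1/0/1
 port link-aggregation group 1
 port-security port-mode userlogin-secure
#
interface Ten-GigabitEthernet1/0/2
 evb enable
 port-security port-mode mac-else-userlogin-secure
#
interface Ten-GigabitEthernet1/0/3
 port-security port-mode userlogin-secure-or-mac-ext
"""

def parse_interfaces(config):
    """Return {interface name: [commands in that interface view]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '#' or a global command closes the view
    return interfaces

def lint_port_security(config):
    """Return sorted (interface, finding) pairs for the page's restrictions."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        ps = [c.split() for c in cmds if c.startswith("port-security ")]
        if not ps:
            continue  # no port security on this interface, nothing to check
        if any(c.startswith("evb ") for c in cmds):
            findings.append((name, "port security and EVB on the same port"))
        if any(c.startswith("port link-aggregation group ") for c in cmds):
            findings.append((name, "aggregation member: port security has no effect"))
        for words in (ps if name.startswith("Bridge-Aggregation") else []):
            if words[1:3] == ["mac-address", "security"]:
                findings.append((name, "secure MAC address on aggregate interface"))
            elif words[1] == "port-mode" and words[-1] in AGG_UNSUPPORTED_MODES:
                findings.append((name, "unsupported mode " + words[-1]))
    return sorted(findings)
```

Calling lint_port_security(SAMPLE_CONFIG) reports the aggregate interface, the aggregation member port, and the EVB port, and leaves the last interface unflagged.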

Configuration task list

Tasks at a glance | Remarks
(Required.) Enabling port security | N/A
(Optional.) Setting port security's limit on the number of secure MAC addresses on a port | N/A